CVE-2026-27596

UNKNOWN 0.0

Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.

CWE	CWE-125 CWE-191
Vendor	exiv2
Product	exiv2
Published	Mar 2, 2026
Last Updated	Mar 2, 2026

Stay Ahead of the Next One

Get instant alerts for exiv2 exiv2

Be the first to know when new unknown vulnerabilities affecting exiv2 exiv2 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Exiv2 / exiv2

< 0.28.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7 github.com: https://github.com/Exiv2/exiv2/issues/3511 github.com: https://github.com/Exiv2/exiv2/pull/3512 github.com: https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4